CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4405 – Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage
https://notcve.org/view.php?id=CVE-2008-4405
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. libvirt v0.3.3 se basa en ficheros localizados bajo subdirectorios de /local/domain en xenstore a pesar de la falta de protección contra modificaciones introducida por Xen en máquinas virtuales invitado, lo cual permite a usuarios del sistema operativo (SO) huésped tener un impacto desconocido, como lo demostrado mediante la escritura en (1) consola de texto (console/tty) o (2) el puerto VNC para el gráfico framebuffer. • https://www.exploit-db.com/exploits/32446 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html http://openwall.com/lists/oss-security/2008/09/30/6 http://secunia.com/advisories/32064 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.openwall.com/lists/oss-security/2008/10/04/3 http&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3485
https://notcve.org/view.php?id=CVE-2008-3485
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path. Vulnerabilidad de ruta de búsqueda no confiable en Citrix MetaFrame Presentation Server permite a usuarios locales conseguir privilegios a través de un icabar.exe malicioso colocado en una ruta de búsqueda. • http://securityreason.com/securityalert/4110 http://www.securityfocus.com/archive/1/494952/100/0/threaded http://www.securityfocus.com/bid/30446 https://exchange.xforce.ibmcloud.com/vulnerabilities/44490 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3253
https://notcve.org/view.php?id=CVE-2008-3253
Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en las interfaces XenAPI HTTP en Citrix XenServer Express, Standard, y Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express y Enterprise) 4.1.0; y HP integrated Citrix XenServer (Select y Enterprise) 4.1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/31133 http://support.citrix.com/article/CTX117814 http://www.securityfocus.com/bid/30265 http://www.securitytracker.com/id?1020515 http://www.vupen.com/english/advisories/2008/2117/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43857 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2528
https://notcve.org/view.php?id=CVE-2008-2528
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. Vulnerabilidad no especificada en Citrix Access Gateway Standard Edition 4.5.7 y versiones anteriores y Advanced Edition 4.5 HF2 y versiones anteriores permite a atacantes remotos evitar la autenticación y conseguir "acceso a los recursos de red" a través de vectores no especificados. • http://secunia.com/advisories/30175 http://support.citrix.com/article/CTX116930 http://www.securityfocus.com/bid/29174 http://www.securitytracker.com/id?1020025 http://www.vupen.com/english/advisories/2008/1474/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42356 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2300
https://notcve.org/view.php?id=CVE-2008-2300
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors. Vulnerabilidad sin especificar en Citrix Presentation Server 4.5 y anteriores, Citrix Access Essentials 2.0 y anteriores y Citrix Desktop Server 1.0 permite a atacantes autentificados remotamente acceder a escritorios no autorizados mediante vectores de ataque desconocidos. • http://secunia.com/advisories/30271 http://support.citrix.com/article/CTX116941 http://www.securityfocus.com/bid/29232 http://www.securitytracker.com/id?1020027 http://www.vupen.com/english/advisories/2008/1530/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42439 • CWE-264: Permissions, Privileges, and Access Controls •